Just experienced a problem with a MySQL installation, which made all eksternal connections (not to localhost) take a very long time to open, making the MySQL server reach the connection limit and rendering it completely useless.

The problem was that the primary DNS server had died. Apparently MySQL uses reverse DNS when checking connections, by default. This can be turned of my adding skip-name-resolve to the [mysqld] section of the /etc/mysql/my.cnf configuration file and restarting the service.

Running scripts as another user might sound like a trivial task, as this is what setuid is supposed to solve. However, if you create a bash script, a php script or another type of script you will soon discover that they do not respond to the setuid flag. This is mainly because of security and the fact that the scripting languages usually have not implemented the setuid functionality at all.

The easiest way of accomplishing this is to create a wrapper program that runs your script for you. C is a good language for this. The following file is an example on how to run a php as setuid.

Wrapper.c

The script can be compiled with cc Wrapper.c -o Wrapper, if you have gcc installed. After compiling, you will need to set the setuid flag on the executable by issuing the chmod u+s Wrapper command. Now you can issue ./Wrapper to run the php script given.

Let’s pretend we have a Linux system with two users good and workaround. Log onto the system as user workaround and create compile Wrapper.c. After issuing chmod u+s Wrapper, do a ls -al and you should see something like the following:

Note the highlighted s in the permissions of the Wrapper file, this is the setuid flag. Now log into the good user and run this script. This will now be run as the workaround user, since the setuid flag is set and the file is owned by the workaround user.

You might be tempted to take the script name as an argument. Do not do this, as this severly decreases the security! If you really want to do simething like this, please use predefined commands and give the command line argument as the “command number 3”. This way no malicious user can execute all commands through this script.

As many people have discovered the DTS sound subsystem is badly broken in Mac OS X 10.6.8, 10.7.0 and 10.7.1. When playing videos with AC3 encoded suround sound, the sound subsystem continues to pump out DTS encoded noise through it’s digital ports (spdif and hdmi). You can work around this problem by either restarting or putting the mac to sleep and waking it again.

One possibilty (which I actually currently use) is the nightly builds. These are not guaranteed to work, but the DTS issue have been resolved in these.

However, the best way i found to fix this problem is the following.

Stop playback

Open a Terminal (or ssh into the box)

Run the command sudo killall coreaudiod && sleep 5 && say good workaround (you will be asked for your password)

Start playback

In xbmc it looks although you need to stop the playback, run the command and then start the playback all over.

For the lazy people

Why bother to remember a command and type your password? Do the following.

Open a Terminal

Run the command sudo nano /bin/fixsound

Paste the following file (see the box), and hit Ctrl + O to write the file and Ctrl + X to close it

Dynamic routing are becomming more and more common these days, but not on the server side. Actually, Windows 2008 Server no longer supports Open Shortest Path First (OSPF), even though 2003 server did. The most common way of implementing dynamic routing in larger networks, are in the Wide Area Network (WAN) between firewalls. In this guide I will show how to use OSPF in Linux by using the Quagga Software Routing Suite.

As usual I use Debian linux, so let’s start by installing Quagga.

apt-get install quagga

That was not very hard. Let’s take a look at the different configuration files located in /etc/quagga/.

/etc/quagga/daemons

This file enables and disables the different services available in the routing suite. There are several supported protocols such as RIP, BGP and OSPF.

zebra=yes
bgpd=no
ospfd=yes
ospf6d=no
ripd=no
ripngd=no
isisd=no

/etc/quagga/zebra.conf

Zebra is the service that transfers configuration from Quagga to the operating system. Zebra takes care of updating interface addresses, routing tables, hostname, etc.

Ever wondered how to use iptables on debian, without using any GUI solution? Let me explain how I do it.

Usually I use two files /etc/iptables_secure.sh and /etc/iptables_open.sh. The secure script has firewall enabled, while the open script makes iptables accept all connections. Also, I use /etc/init.d/firewall to start and stop the firewall at boot.

You should now be able to issue /etc/init.d/firewall start and /etc/init.d/firewall stop in order to enable or disable the firewall. Also, in order to make the firewall start at boot time, issue the following command.

There are so many amazingly bad guides to Apache and virtual hosting, so i decided to create a good one. This guide uses Apache2 running om Debian 6. I will not cover installation and stuff. Also, I cut right to the chase.

First, the NameVirtualHost property should just be declared once, and ports.conf is a good place to have it.

/etc/apache2/ports.conf

NameVirtualHost *:80
Listen 80

Second, do not place all virtual hosts in a single file, that’s not very dynamic. Look at this:

So what am I doing that no one else is doing? I am symlinking, and I am splitting each domain or subdomain into separate files. Just use place all the domains in the sites-available folder, and symlink it from sites-enabled. This makes it easy to disable sites temporary, by just removing the symlink and reloading apache. Lets take a look one of those files.